Archived 06/06/2023 - See CDS Guide ID Permanence and PPID, and Consumer Data Standards: Security Profile.
Question
How does a Data Holder (DH) obtain the client ID in a PAR request?
Answer
The client_id
is required in the request syntax and the request object passed to the PAR and authorize endpoint. This is required by oAuth 2.0 and is covered in OIDC section 6.1. The client_id
is not in the client_assertion itself but in the request syntax and request object JWT.
A valid OAuth 2.0 Authorization Requests MUST include values for the response_type
and client_id
in the OAuth 2.0 request syntax. The values for these parameters MUST match those in the Request Object, if present.
Comments
0 comments
Please sign in to leave a comment.